On 05/03/2021 16:40, Ian Jackson wrote:
> Andrew Cooper writes ("Re: [PATCH 1/2][4.15?] x86/shadow: suppress "fast 
> fault path" optimization when running virtualized"):
>> This wants backporting to stable releases, so I would recommend for 4.15
>> even at this point.
> Can someone explain to me the implications of not taking these patches,
> and the risks of taking them ?
>
> AFAICT the implications of not taking 1/ are that we would misbehave
> in a security relevant way, sometimes, when we are running under
> another hypervisor ?

Correct.  Specifically if you've got a migration pool containing an
IceLake server and something older.

> And the implications of not taking 2/ is a performance problem ?

Correct (I believe).

> As to the risks, 1/ looks obviously correct even to me.

I agree, although Tim has the deciding maintainer vote.

> 2/ seems complex.  What would go wrong if there were a misplaced ) or
> confused bit-twiddling or something ?

The bit twiddling can be independently checked by disassembling the binary.

However, I have some concerns with the patch as-is, in relation to L1TF
/ XSA-273.

~Andrew

